Firefox 16 downloads pulled due to security issue

Firefox 16 was released earlier this week, but now it looks like Mozilla's latest version of its web browser was launched a little bit too early. Mozilla has confirmed that it has pulled Firefox 16 from its official download sites due to a security issue that has been discovered.

In a post on the company's security blog, Mozilla says:

The vulnerability could allow a malicious site to potentially determine which websites users have visited and have access to the URL or URL parameters.  At this time we have no indication that this vulnerability is currently being exploited in the wild.

Mozilla added that it is working on an update for people who have already downloaded and installed Firefox 16 and will release that new version sometime later on Thursday. Just in case users of Firefox 16 don't want to wait for the update, Mozilla has also set up a way for those web browser users to downgrade their version back down to Firefox 15.0.1 while they wait for the new version of Firefox 16.

Mozilla recently offered a public alpha version of Firefox 18 for download, which include support for the "Modern" user interface in Windows 8.

Source: Mozilla blog | Image via Mozilla

Report a problem with article
Previous Story

TechSpot: Interview with Malwarebytes' founder, Marcin Kleczynski

Next Story

Google chairman: Microsoft is still not in his "gang"

28 Comments

Commenting is disabled on this article.

I know that but thanks for the info. What if I want to stay with 15.01 and do not want it to update itself as it does after some time. Is there a way to disable within the browser?

flynempire said,
I know that but thanks for the info. What if I want to stay with 15.01 and do not want it to update itself as it does after some time. Is there a way to disable within the browser?

Turn the auto check off.

flynempire said,
Is there a way to stop the auto updates and just stay with 15.01? It has worked very well for me so far..

It was never offered as an auto-update, the people who use(d) 16.0 where those who downloaded it when it was announced final. This is the reason they (Mozilla) wait a few days before offering it through auto-update.

Matt A. Tobin, 4 hours ago

"Another "success" of Mozilla's RapidRelease program. "

Exactly my thoughts!! Makes me want to hurry on over to their site and download this untested, who knows what else it might be doing, browser!!

Firefox and Chrome have gone beyond being stupid on how fast, and accurately, they think they need to update their stuff. Actually, Chrome has always been stupid on this, which is why Mozilla thinks they need to do the same!!

Yep,
I'd use ANY version of IE over either of those browsers.

cork1958 said,
Matt A. Tobin, 4 hours ago

"Another "success" of Mozilla's RapidRelease program. "

Exactly my thoughts!! Makes me want to hurry on over to their site and download this untested, who knows what else it might be doing, browser!!

Firefox and Chrome have gone beyond being stupid on how fast, and accurately, they think they need to update their stuff. Actually, Chrome has always been stupid on this, which is why Mozilla thinks they need to do the same!!

Yep,
I'd use ANY version of IE over either of those browsers.

Really? You'd use IE6 over Chrome and Firefox? You sir just failed.

cork1958 said,
Matt A. Tobin, 4 hours ago

"Another "success" of Mozilla's RapidRelease program. "

Exactly my thoughts!! Makes me want to hurry on over to their site and download this untested, who knows what else it might be doing, browser!!

Firefox and Chrome have gone beyond being stupid on how fast, and accurately, they think they need to update their stuff. Actually, Chrome has always been stupid on this, which is why Mozilla thinks they need to do the same!!

Yep,
I'd use ANY version of IE over either of those browsers.

I think you missed my point cork1958. My point was not to condemn Mozilla for updating firefox or to prove chrome as a superior product (it was never ment to be anything than a way to force everyone to adopt standards faster after all and not originally intended to be it's own dominating force and it shows)

Where chrome succeeds is it truly does employ a rapid development which is easy to do and does go twords getting the new standards out there because of what it is and what it was intended to be. A browser that is nothing more and nothing less than a rendering engine in a window frame. Though it did grow as Google's "Don't be evil" policy fell twords the wayside. And some people want a Just Works(tm) solution that is as simple as that (half baked addon system not withstanding).

Where Mozilla Firefox and it's parent product turned community sister product excelled at was pure choice in how your browser works, looks, and functions while providing what other browsers at the time didn't. Updated, stable, and reliable Web Browser plus so much more. However, this is not the case anymore and Mozilla needed a way to not look like it was standing still next to the rapid development cycle of Google Chrome (which I must remind you is little more than webkit in a window frame). What they failed to realize is you can't just start releasing a product every 6-12 weeks without the proper testing and actual development that makes it significant and advantageous to keep upgrading to the "latest and greatest".

RapidRelease simply does not work without rapid development. But firefox being more than just a rendering engine inside of a window frame (well it is but in a completely different way) it is a very complex piece of software engineering and lives off a mature code base that is now being picked apart and rewritten and changed so frequently but in tiny ways that no one can predict the over all affects of these changes without the proper testing. This compounded with the fact actual development is not proceeding any faster than before as caused a reduction in stability and quality of the releases we get from Mozilla. You can't just start making changes in pieces and components and expect the newer pieces to work with the older pieces instantly then compile and release a product every 6 weeks.

To restate the problem Firefox looked like it was being released slower than Chrome so Mozilla decided to go to this RapidRelease program which is all well and good on paper but in reality the problems caused by this decision are far worse and have done long standing damage to the Firefox brand than any perceived loss of market share caused by not having the highest version number and most releases in a year.

Peace,

Matt A. Tobin
Commanding Officer
Binary Outcast

Actually Firefox 15/16 works pretty well. Not that anyone has noticed, seeing as there is so much blind Mozilla rage on Neowin.

warr10r said,
Actually Firefox 15/16 works pretty well. Not that anyone has noticed, seeing as there is so much blind Mozilla rage on Neowin.

I regularly test and use Firefox builds from all channels via my little portable stub I wrote but as for a functional and stable firefox browser I use Pale Moon. I don't hate firefox or mozilla I just wish they would go back to how they used to be before MozCo corrupted the values of MozOrg. Though that is just my opinion. However what is not is my previous post.

ACTIONpack said,
Shows you that they need to focus on the browser instead of their stupid Mobile OS!

I would agree with this. What a mistake that mobile OS is going to be...

Another "success" of Mozilla's RapidRelease program.

I am very disappointed that Firefox builds that turn releases are not properly tested and have unprecedented stability, security, and reliablity issues ever since the beginning of this so called RapidRelease program.

The main issue is RapidRelease != Rapid Development. The actual development of the browser's code base has not accelerated and with constant reversion and pulling of new code from the various build channels filtering down to the Release channel we are not getting nearly the compelling and stable firefox that made it the product we came to use and care about.

With features and code being backed out you are left with mixing of new and old code which presents unpredictable results in the so called "Final" product which has affected stability and reliability in the browser since Firefox 5 began the trend.

Obviously this was a marketing decision made with no regard for code stability or testing. It is and has harmed firefox so much more than the apparent slowness of the previous release cycle ever did.

Why chrome is more successful than ever is that they actually develop very fast and thus their releases are faster but as it stands today nothing is faster about Firefox except how the major version number increases.

If Mozilla is not up to the task of providing an end to end experience with a fast cycle of releases it should return to the tried and true method of releasing updated versions when they actually reach a specific standard for code and functionality. This is how Firefox became popular and at one time one of the most used browsers aside from Internet Explorer which was only used "because it was there".

For the time being I am currently using a stable and functionally complete fork of the Firefox codebase known as Pale Moon. It does not conform to the ideals of releasing regardless of stability or completeness. Until such time either the actual development of firefox increases to match it's rapid release model or they return to a more sane release cycle that is in line with the speed of actual development I will not be using what comes out of MozCo.

Peace,

Matt A. Tobin
Commanding Officer
Binary Outcast

Matt A. Tobin said,
Another "success" of Mozilla's RapidRelease program.

I am very disappointed that Firefox builds that turn releases are not properly tested and have unprecedented stability, security, and reliablity issues ever since the beginning of this so called RapidRelease program.

The main issue is RapidRelease != Rapid Development. The actual development of the browser's code base has not accelerated and with constant reversion and pulling of new code from the various build channels filtering down to the Release channel we are not getting nearly the compelling and stable firefox that made it the product we came to use and care about.

With features and code being backed out you are left with mixing of new and old code which presents unpredictable results in the so called "Final" product which has affected stability and reliability in the browser since Firefox 5 began the trend.

Obviously this was a marketing decision made with no regard for code stability or testing. It is and has harmed firefox so much more than the apparent slowness of the previous release cycle ever did.

Why chrome is more successful than ever is that they actually develop very fast and thus their releases are faster but as it stands today nothing is faster about Firefox except how the major version number increases.

If Mozilla is not up to the task of providing an end to end experience with a fast cycle of releases it should return to the tried and true method of releasing updated versions when they actually reach a specific standard for code and functionality. This is how Firefox became popular and at one time one of the most used browsers aside from Internet Explorer which was only used "because it was there".

For the time being I am currently using a stable and functionally complete fork of the Firefox codebase known as Pale Moon. It does not conform to the ideals of releasing regardless of stability or completeness. Until such time either the actual development of firefox increases to match it's rapid release model or they return to a more sane release cycle that is in line with the speed of actual development I will not be using what comes out of MozCo.

Peace,

Matt A. Tobin
Commanding Officer
Binary Outcast

Unlike you I enjoy the rapid releases. Who likes to wait 4 years for a a new feature to come out? Not me. Firefox has slowed down their releases to a time line it's nothing new at all. Nov 20, 2012 Firefox 17 is releasing. Are you going to cry over that? I'm sure you have to have better things to complain about than an actual version number. I also like how you credit Chrome as if they release everything properly. Chrome is on version 22. And they bump the number for every under the hood updates.

Totalaero said,
Unlike you I enjoy the rapid releases. Who likes to wait 4 years for a a new feature to come out? Not me. Firefox has slowed down their releases to a time line it's nothing new at all. Nov 20, 2012 Firefox 17 is releasing. Are you going to cry over that? I'm sure you have to have better things to complain about than an actual version number. I also like how you credit Chrome as if they release everything properly. Chrome is on version 22. And they bump the number for every under the hood updates.

Did you even READ what I wrote man? Because I put alot of time and effort into presenting the case.

Matt A. Tobin said,

Did you even READ what I wrote man? Because I put alot of time and effort into presenting the case.

It's pretty clear Totalaero either didn't read, or didn't understand what you were talking about. I thought your comment was very well written, and agree with it.

francescob said,

The browser you need to pay an OS for? It's still not available for win7.

It comes with an OS pimbo! IE10 is not yet in final.

Nikos_GR said,
It comes with an OS pimbo! IE10 is not yet in final.

Yes, let's change the whole OS for a browser upgrade. Now THAT's smart. Let's ignore there are basically no new major features other than improved standards support (no, metro UI doesn't count) or that IE10 already had a 0-day exploit already being used days after windows 8 RTM release that took them days to fix while this Firefox bug is still not exploited, isn't as bad as IE's code execution and is getting patched already either today or tomorrow.

Shadowzz said,

blablabla nothing new in IE10, you must be smoking pot. Just because it looks the same, it is the same?
Its whole backend is redesigned and improved.

Oh, they improved the part users don't see, this is certainly an OS-upgrade-worthy argument. What a stupid I have been, I should certainly stop using the other more featured browsers and switch to IE10 that is basically IE9 with an improved engine, amazing idea! Is the improved web standards support that is generally still behind other browsers' worth the upgrading? Is the speed improvement worth losing all the third party addons/extensions I have? I still remember when IE9 launched and some benchmarks were in its favor then all the other browsers caught up in a couple of versions: it doesn't last forever.

Shadowzz said,

Also stop throwing that 0day exploit out as a negative thing to IE10, Win8 or MS.

Yes, a 0-day exploit is CERTAINLY not a negative thing, it's positive! Let's all downgrade to an unpatched XP, I bet it's going to be awesome!

Shadowzz said,

Since that exploit is entirely worthless in IE10 64bit.

And? Win8 x64 comes with both 32/64bit IE10 desktop versions but the 32bit one is the one enabled by default like on Windows 7 making that argument pretty pointless since, because of that choice, most x64 users were by default vulnerable.

Shadowzz said,

So lets blame MS for leaving a browser open for tools like you to cry and complain about. There is nothing wrong with IE10's full security enabled and wont be for months to come.

Wow, now you resort to personal attacks? Your troll level just increased by one.

Shadowzz said,

Also IE8 took 1,5 years before its sandbox was broken.
IE9 took 7 months before its sandbox was broken.

Now vs Chrome
Chrome's sandbox was broken twice in this week alone.

And did it take several days to patch? And was the security hole already used by websites to install malware?

My point was that IE10 just like Chrome or Firefox isn't magically immune to security vulnerabilities: did you really have to turn entirely the argument to try proving something I never said?

Shadowzz said,

Now run along Tommy, go to your mommy!

So all you can do is provoke and resort to personal attacks? Grow up.

brent3000 said,
They pulled version 16 but there is already a beta for version 18 0_0

Separate teams I believe, but the current updates and the next will always be on the alpha. I know this sounds complicated. I use Chrome, so I wouldn't exactly know.

brent3000 said,
They pulled version 16 but there is already a beta for version 18 0_0

18 is an *alpha* version.

There are 4 versions on the main development track at any one time:
Release (should be 16)
Beta (17)
Aurora/alpha (18)
Nightly (19).

Every 6 weeks, each release moves in to the next channel, without the features that aren't stable yet (each channel has its own criteria for feature 'stability').

M2Ys4U said,

18 is an *alpha* version.

There are 4 versions on the main development track at any one time:
Release (should be 16)
Beta (17)
Aurora/alpha (18)
Nightly (19).

Every 6 weeks, each release moves in to the next channel, without the features that aren't stable yet (each channel has its own criteria for feature 'stability').

This. Despite the risks of using a bleeding edge software, I enjoy experiencing the latest features of something because I'm obsessed with staying up to date.